What is the Phishing Kill Chain?

Many people have heard of the cyber kill chain, but what about the phishing kill chain? Like the cyber kill chain, this model of phishing attacks can be used to help identify and stop phishing attempts. The phishing kill chain flows as follows:

Targeting. The potential phisher determines their next target and creates the phishing email and email list

Delivery. The phishing email attempt is sent to the person or persons on the email list

Deception. The phishing email uses deceptive information within the email to trick the user

Click. The victim clicks on the malicious link(s) in the email

Surrender. The victim inputs data, normally some personal data, into the malicious site

Extraction. The malicious site sends the information to the attacker

Action. The attacker uses the stolen information to commit cybercrime

Using the Phishing Kill Chain

Using the phishing kill chain to create defensive techniques is an effective method to assist in preventing successful phishing attempts. The human is often the weakest link in protecting computer systems, and implementing extra defenses offsets the potential damage caused when an unsuspecting user clicks a malicious link.

The first two steps in the kill chain can prove very important to picking defense mechanisms for your organization. Understanding who would target your organization could help you better understand the delivery capabilities of your potential attacker(s).

Take, for example, the Department of Defense. Any branch of the military could safely assume that any of their networks are a desired target for foreign entities. These potential bad actors could be funded by governments, meaning they would have the ability to finance sophisticated tools and continuous phishing attempts. Knowing this would encourage the owners of military systems to invest in strong defense mechanisms. By comparison, a smaller firm with only a few employees that does not process any payments on their website might be less vulnerable to phishing attempts. They would still want to use strong defense mechanisms, but would be less inclined to spend big bucks on high-security items that they may not need.

No matter what sector, understanding the third part of the chain is also important to building a suitable defense strategy. Knowing the potential criminals who would target your particular business will also help you understand the types of techniques used. Again, if you suspect your line of business would be a target for highly-sophisticated criminals, your implemented defenses may differ from those of a business that is a less-desirable target.

Defense Mechanisms

There are many defense mechanisms to help protect organizations against phishing attacks. Some are embedded in the browsers and email applications we use every day. They are seamless, so we may not even realize they are being used.

Hackers have increased their techniques’ sophistication since the first “Nigerian Prince” email scam was circulated, but there are still some similarities in the wording and techniques used in phishing emails. Most of the well-established email providers are able to use this collected data to implement phishing protection within their mail servers.

But some of these emails still make it through those initial safeguards, so even more mechanisms must be put in place. A few such defenses are:

Google’s Safe Browsing API protects at the “Click” part of the phishing chain. If a malicious website is already a part of a knowledge database and an unsuspecting user clicks on it, the Chrome browser will notify the user and warn them to turn back.

Microsoft’s Phishing Filter protects at the “Click” part of the phishing chain. Just like Google’s Safe Browsing API, if a malicious website is already a part of a knowledge database and an unsuspecting user clicks on it, the Internet Explorer browser will notify the user and warn them to turn back.

Gmail’s Gold Key works at the “Deception” point of the chain. It provides an image that validates that an image is trusted.

Domain-based Message Authentication, Reporting and Conformance (DMARC) works at the “Delivery” portion of the chain. Domains that support DMARC create virtual handshakes to verify an email actually came from the intended domain. Fake emails are rejected or destroyed.

But even with all of this technology, the biggest defense mechanism is still education. Making sure users know how to identify phishing attempts will always be important. That is why resources like SecurityIQ are useful in keeping the workforce and all Internet users up-to-date on current phishing trends, and the best ways to avoid them if they make it into their inbox.

Tyra Appleby is a CISSP certified lover of all things cybersecurity. After serving 4 years in the Navy as a Cryptologic Technician, she continued supporting various DoD and government agencies as a Systems Security Engineer. She has a passion for writing and research, particularly in the areas of Reverse Engineering and Digital Forensics. When she’s not working, you can find her at the beach with her Rottweiler Ava.
